Again, the three-year wait makes no sense. I also don’t think that it’s random hackers who stumbled on these tools and are just trying to harm the NSA or the U.S. The SWIFT documents are records of an NSA operation, and the other posted files demonstrate that the NSA is hoarding vulnerabilities for attack rather than helping fix them and improve all of our security. That’s not what we’re seeing here it’s simply a bunch of exploit code, which doesn’t have the political or ethical implications that a whistleblower would want to highlight.
They would act more like Edward Snowden or Chelsea Manning, collecting for a time and then publishing immediately-and publishing documents that discuss what the U.S. While possible, it seems like a whistleblower wouldn’t sit on attack tools for three years before publishing. Given all of this, I don’t think the agent responsible is a whistleblower. They also posted anonymous messages in bad English but with American cultural references. The Shadow Brokers have released all the material unredacted, without the care journalists took with the Snowden documents or even the care WikiLeaks has taken with the CIA secrets it’s publishing. The Microsoft files seem different, too they don’t have the same identifying information that the router and mail server files do. The SWIFT files seem to come from an internal NSA computer, albeit one connected to the internet. The releases are so different that they’re almost certainly from multiple sources at the NSA.
#WAR BROKERS HACKS WINDOWS#
The Windows attack tools, published last month, might be a year or so older, based on which versions of Windows the tools support. Looking at the time stamps on the files and other material, they all come from around 2013. In total, the group has published four sets of NSA material: a set of exploits and hacking tools against routers, the devices that direct data throughout computer networks a similar collection against mail servers another collection against Microsoft Windows and a working directory of an NSA analyst breaking into the SWIFT banking network. I don’t think the agent responsible is a whistleblower. NSA hackers find obscure corners of the internet to hide the tools they need as they go about their work, and it seems the Shadow Brokers successfully hacked one of those caches. The material was from autumn 2013, and seems to have been collected from an external NSA staging server, a machine that is owned, leased, or otherwise controlled by the U.S., but with no connection to the agency.
#WAR BROKERS HACKS SERIES#
The Shadow Brokers suddenly appeared last August, when they published a series of hacking tools and computer exploits-vulnerabilities in common software-from the NSA. But we can make some educated guesses based on the material they’ve published. Who are these guys? And how did they steal this information? The short answer is: We don’t know. And they gave the authors of the WannaCry ransomware the exploit they needed to infect hundreds of thousands of computer worldwide this month.Īfter the WannaCry outbreak, the Shadow Brokers threatened to release more NSA secrets every month, giving cybercriminals and other governments worldwide even more exploits and hacking tools. They have exposed major vulnerabilities in Cisco routers, Microsoft Windows, and Linux mail servers, forcing those companies and their customers to scramble. They have publicly embarrassed the NSA and damaged its intelligence-gathering capabilities, while at the same time have put sophisticated cyberweapons in the hands of anyone who wants them. Since last summer, they’ve been dumping these secrets on the internet.
#WAR BROKERS HACKS FULL#
In 2013, a mysterious group of hackers that calls itself the Shadow Brokers stole a few disks full of National Security Agency secrets.